I'm upgrading an existing application to use Spring Boot and to move away from web.xml. While I've achieved functionality, there's a portion of my web.xml that for the life of me I cannot figure out how to upgrade to spring boot. (If it matters I'm using 1.5.6)
Relevant portion of my web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>basic</web-resource-name>
<url-pattern>*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>User</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>myrealm</realm-name>
</login-config>
Here's my application class:
@SpringBootApplication
public class Application extends SpringBootServletInitializer{
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
@Override
protected SpringApplicationBuilder configure(SpringApplicationBuilder builder) {
return builder.sources(Application.class);
}
}
I haven't been able to determine how to set up anything to mirror the functionality of security-constraint or login-config using a code based approach.
If anyone has any ideas of how to or can point me in the right direction, I'd be greatly appreciative. A few hours of googling and trying solutions has left me with nothing.
Look into @EnableWebSecurity
and WebSecurityConfigurerAdapter
See example below:
@EnableWebSecurity
@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/**").authenticated()
.anyRequest()
.permitAll()
.and().httpBasic()
.and().sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
}